The web-service I’m going to profile is called Baza-Inform. Basically, it offers potential spammers segmented databases of harvested emails.

Currently, the service has the following inventory of emails:

mail.ru, bk.ru, list.ru, inbox.ru – 15 970 807

ya.ru, yandex.ru, narod.ru – 3 091 994

rambler.ru, lenta.ru, ro1.ru – 1 636 720

qip.ru, pochta.ru, fromru.com – 1 944 490

nextmail.ru – 185 987

gmail.com, googlemail.com – 8 888 053

yahoo.com, yahoo.us – 36 267 998

hotmail.com – 28 829 391

aol.com – 22 356 273

gmx.com, gmx.de – 12 465 024

Just how easy is it to harvest emails? Like in every other market segment within the cybercrime ecosystem, spammers are quick to adapt to emerging trends aiming to prevent the automatic harvesting of emails. In 2008, I came across an email harvester that’s capable of harvesting emails in the following formats:

mail@mail.com

mail[at]mail.com

mail[at]mail[dot]com

mail [space]mail [space]com

mail(@)mail.com

mail(a)mail.com

mail AT mail DOT com

Moreover, in 2009 it became evident that spammers are directly harvesting emails from Twitter users who share their email details over the micro-blogging service. Clearly, such lists are fairly easy to compile, given the active harvesting on behalf of the spammers. In terms of quality assurance, prospective buyers cannot verify the validity of the database until they purchase it. Once they purchase it, they will use tools such as the High Speed Verifier to verify their validity automatically.

Monitoring of the service is ongoing. Details will be published as soon as they update their underground market proposition.

[…] monitor and record calls via Siri.If this all sounds a little paranoid to you, don’t forget there is a massive market out there for illicit access to our emails, contacts, phone numbers and other private data. Some […]

[…] ecosystem. With thousands of malware-infected hosts ready to spamvertise billions of emails, fresh databases of harvested emails, next to the fact that end and corporate users continue clicking on links found in spam emails, […]

[…] month, Webroot profiled an underground web service that continue selling millions of already harvested email addresses, next to another service, selling exclusive access to U.S Government and U.S Military email […]

[…] needed to become a spammer, starting for a managed spam appliance, DIY email harvesters, and millions of harvested emails, are available for sale within the cybercrime ecosystem. Despite the numerous […]

[…] the following posts to get the “big picture” on how the spam ecosystem really works – Millions of harvested emails offered for sale; Millions of harvested U.S government and U.S military email addresses offered for sale; New DIY […]